Dental HIPAA Compliance: What You Should Know

Today, most dental offices run electronically. From having patients fill out forms to checking them in to appointments to filing dental records and more, it’s all done electronically. Why? Because the advancements of technology allow dentists to run their offices more efficiently than ever before.

But since we live in such a technology-driven world, where we use computers and mobile devices for nearly everything we do, dental offices are more at risk of violating HIPAA rules — a situation you don’t want to get yourself into. Violating HIPAA could result in hefty fines, a bad reputation among the dental community and even jail time. One small, overlooked mistake could cause your office to lose thousands of dollars, hours of time, numerous patients and the respect of your community and fellow dentists.

That doesn’t have to be the situation for your dental office. By knowing how HIPAA applies to dental offices and what not to overlook, your office can maintain compliance, a steady income, its patients and its reputation as an honorable dental office.

Here’s what your dental office needs to do to ensure HIPAA compliance:


Write down a HIPAA compliance policy.

Without a plan, it’s highly unlikely what you want to happen is actually going to happen. Your plan in this case is a written HIPAA compliance policy clearly stating how your office and each staff member is going to meet HIPAA requirements to remain compliant and safeguard your ePHI. This needs to be one of the first things you do to ensure success!


Hire a HIPAA Compliance Officer.

The HIPAA Privacy Rule and HIPAA Security Rule requires someone in your organization to be given the responsibility to oversee and implement this rule. If your organization is large enough and can afford it, hire someone to be your privacy officer. If you’re a smaller dental office, the privacy officer role usually falls into the hands of the dentist or office manager. Regardless of who is given the job, be sure they’re qualified to hold this position, which includes being very organized and responsible.


Train your staff.

Most likely, your staff needs to be trained on how to fulfill their roles while not breaching HIPAA policies. The only way your office stays compliant and protected from outrageous fines is if each employee knows the guidelines and what their responsibilities are. Have your privacy officer schedule and hold team trainings. Our HIPAA compliance software systems help educate your employees if you’re not sure how to conduct trainings. After you’ve successfully trained your staff, don’t forget to have everyone sign a written agreement stating they’ve completed their HIPAA training. The bottom line for many organizations is that employee education prevents violations.


Have a written Business Associate Agreement.

When you work with business associates (people or companies you’re partnered with that work with or are exposed to ePHI systems) it’s your responsibility to make sure they properly handle this information. If one of your business associates doesn’t comply with HIPAA, then you will also face consequences for their non-compliance. Write up a detailed written Business Associate Agreement for your business associates to sign to protect your office and patients.


Protect your patients’ ePHI.

Using mobile devices makes you more vulnerable to mishaps with your patients’ private health information. Three of the top ways dental offices breach HIPAA are devices storing ePHI that are stolen or lost and unauthorized people viewing your patients’ ePHI.

Here’s how to help prevent these accidents from happening:

  • Carefully handle and securely store office mobile devices.
  • Use passcodes or a form of authentication on mobile devices.
  • Install encryptions.
  • Enable firewalls and security software.

These steps help prevent your devices and patients’ information from getting in the wrong hands or being seen by the wrong eyes; which can be employees, disgruntled ex-employees, hackers or other patients.


Perform a Security Risk Analysis.

A crucial step in maintaining HIPAA compliance is performing a thorough Security Risk Assessment. This isn’t a one-and-done analysis. You need to regularly perform this assessment and have a corresponding risk management plan in place to fix any compliance issues or vulnerabilities you discover. You can do this on your own, but it’s advised to use a professional or HIPAA compliance software to complete this self-assessment for you. Most software will not only complete the analysis, it will also provide plans to remediate any compliance holes it finds.


Inform your patients about your HIPAA privacy agreement.

Let your patients know about your HIPAA privacy policy. HIPAA requires that your patients know your policy and that they acknowledge they’ve seen and understand it. Have the policy written down and have them read, sign and date the form online before their appointment or in a paper form when they come into your office for an appointment. Patients also have the right to refuse your HIPAA privacy policy, so if they do, make note of it to keep on file. Also on this form, include a “Right To Revoke” clause. Your patients reserve the right to not disclose any of their private dental information to specific parties, and if you don’t provide this option on your forms, they’re invalid and you’re breaching HIPAA if you release their information to another party.

Don’t take any unnecessary risks when it comes to HIPAA compliance. Know what your dental office needs to do and shouldn’t do, so you stay HIPAA compliant and away from the chaos of lawsuits and fines.